An attacker can craft a variety of Messages with invalid Message structure (malformed XML, SOAP, UA Binary, etc.) or data values, and send them to OPC UA Clients, Servers or Subscribers.

The OPC UA Client, Server or Subscriber may incorrectly handle certain malformed Messages by performing unauthorized operations or processing unnecessary information. It might result in a denial or degradation of service including termination of the application or, in the case of embedded devices, a complete crash. In a worst-case scenario an attacker could use malformed Messages as a pre-step for a multi-level attack to gain access to the underlying system of an OPC UA Application.

Malformed Messages impacts Integrity and Availability.

See 5.1.7 for the reconciliation of this threat.